CyberArk Workforce Identity Features

Based on 36 CyberArk Workforce Identity reviews. Process of providing credentials and logging into multiple systems is easy and intuitive for users

As reported in 34 CyberArk Workforce Identity reviews. Supports required 3rd party Authentication Technologies. Example systems: bioMetric, passwords, key cards, token based systems, etc.

As reported in 29 CyberArk Workforce Identity reviews. Provides support for Multi-Factor authentication, so users are required to provide multiple factors to authenticate. For example, something they know, Something they have or something they are.

As reported in 31 CyberArk Workforce Identity reviews. Support SSO via Web agents, proxy agents, agent-less, SAML or oAuth and WS-Federation authentication and authorization Web services depending upon the application and business use case

Based on 30 CyberArk Workforce Identity reviews. Can serve as the identity provider to external service providers so that when the user logs into a service, instead of providing credentials to the service provider, the service provider trusts the identity provider to validate the credentials.

Can serve as the Service provider from an external service so that when the user logs in externally they have seamless SSO to internal applications from a service provider. 21 reviewers of CyberArk Workforce Identity have provided feedback on this feature.

Provides ability to control access to PC's, Mobile devices, and other endpoint devices. This feature was mentioned in 23 CyberArk Workforce Identity reviews.

Controls access to legacy applications, web based applications, network resources and servers while employees are on the companies local area network. This feature was mentioned in 25 CyberArk Workforce Identity reviews.

Controls access to legacy applications, web based applications, networks resources while employees are outside the local area network. This feature was mentioned in 24 CyberArk Workforce Identity reviews.

Controls access to users that are not company employees that are either within the companies local area network or outside the network This feature was mentioned in 14 CyberArk Workforce Identity reviews.

Enables users to use their own device to access company applications. This feature was mentioned in 19 CyberArk Workforce Identity reviews.

Based on 30 CyberArk Workforce Identity reviews. Installation process is easy and flexible.

Based on 29 CyberArk Workforce Identity reviews. Options for resetting and enforcing password policies

As reported in 34 CyberArk Workforce Identity reviews. Provides Administration tools/console that are easy to use and learn for routine maintenance tasks

Easily provisions new systems, platforms or applications using configuration and not customization. 34 reviewers of CyberArk Workforce Identity have provided feedback on this feature.

As reported in 27 CyberArk Workforce Identity reviews. Users can set, change passwords without interaction from IT staff

Based on 37 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Standard and customized report creation to ensure appropriate access rights have been assigned

Based on 24 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Provides mobile application that alerts administrators of potential issues and allows administrators manage access rights

Based on 38 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Support for wide variety of cloud and on premise apps to automate provisioning for existing and new applications procured

Based on 25 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Provides appropriate application interfaces to enable custom integrations for unique business requirements

Automates account/access rights creation, changes and removals for on-premise and cloud apps

Enables administrators to create access policies and applies policy controls throughout request and provisioning processes

Variety and Quality of integrations (ie Active Directory, LDAP)

Easily provisions new systems, platforms or applications using configuration and not customization.

Encrypts all data transfers using end-to-end encryption.

Provides audit trails to monitor useage to reduce fraud.

Complies with regulations for strong customer authentication such as KYC, PSD2, and others.

Keep identity attributes consistent across applications whether the change is made in the provisioning system or the application.

Enables administrators to create access policies and applies policy controls throughout request and provisioning processes.

Provides or integrates with a cloud based directory option that contains all user names and attributes.

Integrates with common applications such as service desk tools.

Based on 31 CyberArk Workforce Identity reviews. Supports Endpoint access control to multiple operating systems

Based on 21 CyberArk Workforce Identity reviews. Allows user authentication to be honored by all the hosts in two or more domains

As reported in 30 CyberArk Workforce Identity reviews. Support access to browser based applications across required browser types

Provides required failover mechanisms to ensure if one server, network, etc fails users are still able able to authenticate 20 reviewers of CyberArk Workforce Identity have provided feedback on this feature.

As reported in 28 CyberArk Workforce Identity reviews. Contains pre-built and custom reporting tools to required to manage business

Provides mechanism for auditing authentication for trouble shooting purposes. 28 reviewers of CyberArk Workforce Identity have provided feedback on this feature.

As reported in 19 CyberArk Workforce Identity reviews. Can call and pass credentials to third party web services.

Based on 21 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Users can request access to an application and be automatically provisioned if they meet policy requirements

Based on 34 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Automates account/access rights creation, changes and removals for on-premise and cloud apps

Based on 38 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Establish roles that create a set of authentication rights for each user in the role

Based on 34 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Enables administrators to create access policies and applies policy controls throughout request and provisioning processes

Based on 34 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Terminate access to multiple applications based on dates

Based on 23 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Allow business stake-holders/managers to approve or reject requested changes to access via a defined workflow

Based on 29 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Enables users to reset passwords without administrator interaction. Enforces password policies when resetting.

Based on 29 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Change users and permissions in bulk

Based on 27 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Keep identity attributes consistent across applications whether the change is made in the provisioning system or the application

Based on 26 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Alerts administrators when inappropriate access occurs

Based on 26 CyberArk Workforce Identity reviews and verified by the G2 Product R&D team. Proactively audits access rights against policies

Sends a one-time passcode (OTP) via SMS.

Provides a one-time passcode (OTP) via voice-call.

Sends a one-time passcode (OTP) via email.

Supports hardware tokens, which are often USB-sized, fob-like devices that store codes.

Offers software tokens, which are applications installed on a mobile phone, wearable devices, or desktops and generate time-based one-time passcodes (TOTP) that a user can easily copy. Software tokens work both online and offline.

Allows biometric factors such as fingerprints, faceprints, voiceprints, or other biometric information to be used as an authentication factor.

Offers mobile push authentication, which is a user-friendly method that does not require a user to copy a code, but rather accept or deny an authentication using a mobile application. Mobile push authentication only works when a user is connected to the internet.

Analyzes users' IP addresses, devices, behaviors and identities to authenticate a user.

Allows administrative control over automated security tasks.

Protects application access and data. Prompts additional authentication for suspicious users.

Protects computing resources across a network. Prompts additional authentication for suspicious users.

Protects informatin stored on premises and in the cloud. Prompts additional authentication for suspicious users.

Provides a risk-based approcach to determining trust within the network.

Calculates risk based on user behavior, permissions, and requests.

Monitors users attempting unauthorized access to databases, applicaitons, and othe network components.

Establish roles that create a set of authentication rights for each user in the role

Terminate access to multiple applications based on dates

Controls access to legacy applications, web based applications, networks resources while employees are outside the local area network.

Controls access to users that are not company employees that are either within the companies local area network or outside the network

Provides a single access point for users to access multiple cloud products without multiple logins.

Provides support for Multi-Factor authentication, so users are required to provide multiple factors to authenticate. For example, something they know, Something they have or something they are.

Supports required 3rd party Authentication Technologies. Example systems: bioMetric, passwords, key cards, token based systems, etc.

Enables a seamless customer experience with self-registration and self-service functions, including account creation and preference management.

Verifies user identity with authentication, which may include multiple multi-factor authentication methods.

Scales to support growing a customer base.

Captures and manages a customer's consent and preferences to comply with data privacy laws such as GDPR and CCPA.

Offers users the option to sign in with social media accounts.

Integrates with directories or other data stores that house customer data to create a complete view of a customer.

Offers FIDO2-enabled authentication method

Works with hardware security keys

Offer users multiple ways to authenticate including, but not limited to: mobile push on trusted devices, FIDO-enabled devices, physical security keys, keycards, smart watches, biometrics, QR codes, desktop app + pin, and others.

Offers solutions when users are offline or do not have access to a mobile phone.

Based on 10 CyberArk Workforce Identity reviews. Simplifies or automates user provisioning, deprovisioning, and other user role changes.

Offers password management tools to end users.

As reported in 12 CyberArk Workforce Identity reviews. Offers single sign-on functionalities to end users, allowing them to authenticate once and be given access to all of their company accounts.

Based on 10 CyberArk Workforce Identity reviews. Enforces user-access policies based on individual, role type, group membership or other factors to prevent unauthorized access to company systems and data.

Authenticates users prior to granting access to company systems. 11 reviewers of CyberArk Workforce Identity have provided feedback on this feature.

Offers multi-factor authentication methods to verify a user's identity. 10 reviewers of CyberArk Workforce Identity have provided feedback on this feature.

Connections use open standards such as SAML or RADIS.

Offers developers a mobile software development kit to seamlessly add biometric authentication into their applications.

Integrates with identity and access management (IAM) solutions to manage workforce authentication.

Integrates with customer identity and access management (ICAM) solutions to manage customer authentication.

Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering.

Constantly monitors acivity related to user behavior and compares activity to benchmarked patterns and fraud indicators.

Provide insights into why trends are occurring and what issues could be related.

Monitors, records, and logs both real-time and post-event activity.

Constantly monitors activity related to user behavior and compares activity to benchmarked patterns.

Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Monitors the actions from endpoints within a network. Alerts users of incidents and abnormal activities and documents the access point.

Provides an IAM solution for cloud-based systems. 18 reviewers of CyberArk Workforce Identity have provided feedback on this feature.

As reported in 17 CyberArk Workforce Identity reviews. Tracks user activities across protected systems.

Provides reporting functionality. 18 reviewers of CyberArk Workforce Identity have provided feedback on this feature.

Log and report all modifications to user roles and access rights.

Provide standardized reports for regulatory compliance and audits.

Offers an easy to understand user interface to make setup smooth.

Offers a mobile software development kit (SDK) for iOS, Blackberry, and Android.

Offers a software development kit (SDK) for web-based applications.

Investigate identity threats with contextual user information.

Monitor & detect malicous identity and privileges activity

Identify identity-related misconfigurations.

Offers integrations to identity store providers.

Provide full coverage of identity estate with granular detail.

Remove unauthorized accounts and excessive privileges

Provides full audit trail with notifications, ticketing, and compliance information.

Condenses long documents or text into a brief summary.

Allows users to generate text based on a text prompt.

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Works across multiple software systems or databases

Grant access based on user attributes, location, device posture or risk.

Automate onboarding, offboarding, and access reviews throughout user lifecycles.

Enable users to reset passwords and update profiles without admin support.

Identify unusual access patterns using machine learning models.

Dynamically adjust access policies based on risk and AI-generated insights.

Suggest appropriate user roles based on usage patterns and peer behavior.

Possesses AI-driven triggers to determine when to require MFA or stronger authentication rather than always requiring it.

Builds profiles of known devices/environments per user and flags deviations such as new devices, new networks, and/or suspicious locations as higher risk.

Spot fraudulent behavior, such as account takeover attempts, credential stuffing, bots, and brute force attacks through the use of AI.

Uses machine learning to analyze past authentication events and suggest optimizations to security policies (e.g. thresholds, triggers) or to adjust rules over time.

Leverages AI to assign a risk score to a login attempt based on context, device, IP, historical patterns to dynamically decide whether to prompt for MFA, additional challenges, or allow seamless login.

Monitors behavioral signals including typing patterns, mouse movement, and/or touch/swipe dynamics to verify user identity either at login or continuously after login.

Uses computer vision, facial recognition, or other biometrics during onboarding or at risk events, with AI-based liveness checks to prevent spoofing or replay attacks.

Generates dynamic prompts to guide users through account recovery workflows.

Implements artificial intelligence to filter, rewrite, or block prompts that attempt to access unauthorized data, escalate privileges improperly, exploit system weaknesses, or otherwise re-provision customer access permissions.